fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added lots of stuff

Browse source
This commit is contained in:
fwastring 2025-09-18 11:46:08 +02:00
parent 35fd1799a2
commit 319b39a5c1
8 changed files with 97 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
- &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x - &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
- &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t - &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
- &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:

72
flake.lock generated
View file

@ -253,11 +253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757239681, "lastModified": 1757588530,
"narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +356,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757385184, "lastModified": 1757920978,
"narHash": "sha256-LCxtQn9ajvOgGRbQIRUJgfP7clMGGvV1SDW1HcSb0zk=", "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "26993d87fd0d3b14f7667b74ad82235f120d986e", "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,11 +414,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756891319, "lastModified": 1757542864,
"narHash": "sha256-/e6OXxzbAj/o97Z1dZgHre4bNaVjapDGscAujSCQSbI=", "narHash": "sha256-8i9tsVoOmLQDHJkNgzJWnmxYFGkJNsSndimYpCoqmoA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "621e2e00f1736aa18c68f7dfbf2b9cff94b8cc4d", "rev": "aa9d14963b94186934fd0715d9a7f0f2719e64bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -443,11 +443,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1757423991, "lastModified": 1757811161,
"narHash": "sha256-tL+b6WC4gJJSo6wjNVIZpQ0DsYg8RmoGHxYuk6jJKbU=", "narHash": "sha256-laCB71qgn9Eht7bH1nobIzEiR5r7WRHAB7XHHxLTiLQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "150d693fe794a01aab762a18d2d8a2c8bc54b43c", "rev": "559024c3314e4b1180b10b80fce4e9f20bad14c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -536,11 +536,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753819801, "lastModified": 1757508108,
"narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", "narHash": "sha256-bTYedtQFqqVBAh42scgX7+S3O6XKLnT6FTC6rpmyCCc=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-qtutils", "repo": "hyprland-qtutils",
"rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", "rev": "119bcb9aa742658107b326c50dcd24ab59b309b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -659,11 +659,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1757376306, "lastModified": 1757894719,
"narHash": "sha256-xZ9agpXP92762wo6pEZd1gs1jJEjrd4WWGtzlpY3QaA=", "narHash": "sha256-sG0DIub/4dB4HK8CahQYm6rTcxT8LHS6QmQNwThIN6M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "b142f8f6336853ff325fe39c9f658e51e42c781b", "rev": "2376288a3cf701a272d4b083d2e39a44d087f9e2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -675,11 +675,11 @@
"neovim-src": { "neovim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757369388, "lastModified": 1757891857,
"narHash": "sha256-nLc2Oi6N2DfZTVBl8plpSlx13DQGc087ziWymAyjkOI=", "narHash": "sha256-GWKvDTB+03uQGx1qzuBQCewPgZiD8HWX2rovynsBbt8=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "acb99b8a6572d8ea8d917955a653945550923be0", "rev": "7b8b9d270f6ede43661f54573d1f4f0ae49d4ff1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -690,11 +690,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1757068644, "lastModified": 1757487488,
"narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -706,11 +706,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1757034884, "lastModified": 1757746433,
"narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca77296380960cd497a765102eeb1356eb80fed0", "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -722,11 +722,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1757347588, "lastModified": 1757745802,
"narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -771,11 +771,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757239681, "lastModified": 1757588530,
"narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -802,11 +802,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757503115, "lastModified": 1757847158,
"narHash": "sha256-S9F6bHUBh+CFEUalv/qxNImRapCxvSnOzWBUZgK1zDU=", "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "0bf793823386187dff101ee2a9d4ed26de8bbf8c", "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View file

@ -51,7 +51,9 @@
myhostname = "legacy"; myhostname = "legacy";
}; };
modules = [ modules = [
stylix.nixosModules.stylix
./maskiner/legacy/configuration.nix ./maskiner/legacy/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
node = nixpkgs.lib.nixosSystem { node = nixpkgs.lib.nixosSystem {

16
maskiner/legacy/configuration.nix
View file

@ -28,11 +28,27 @@ in
../../moduler/sound.nix ../../moduler/sound.nix
]; ];
sops.defaultSopsFile = ../../secrets/sops.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml";
};
home-manager.extraSpecialArgs = { inherit inputs pkgs; }; home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.users.fw = { home-manager.users.fw = {
imports = [ imports = [
./../../moduler/home.nix ./../../moduler/home.nix
]; ];
stylix.targets = {
lazygit.enable = false;
fish.enable = false;
kitty.enable = false;
waybar.enable = false;
tmux.enable = false;
k9s.enable = false;
};
}; };
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;

1
maskiner/node/configuration.nix
View file

@ -22,6 +22,7 @@
../../moduler/services/monitoring ../../moduler/services/monitoring
../../moduler/services/headscale ../../moduler/services/headscale
# ../../moduler/wastring.nix # ../../moduler/wastring.nix
../../moduler/wedding.nix
]; ];
sops.defaultSopsFile = ../../secrets/sops.yaml; sops.defaultSopsFile = ../../secrets/sops.yaml;

3
moduler/programs/k9s/default.nix
View file

@ -9,7 +9,8 @@ let
in in
{ {
programs.k9s = { programs.k9s = {
enable = true; # enable = true;
enable = false;
settings = { settings = {
k9s.ui.skin = "catppuccin-latte"; k9s.ui.skin = "catppuccin-latte";
}; };

36
moduler/wedding.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
inputs,
pkgs,
...
}:
let
in
{
sops.secrets.github_password = { };
virtualisation.oci-containers = {
backend = "podman";
containers = {
wedding = {
login = {
username = "fwastring";
passwordFile = config.sops.secrets.github_password.path;
registry = "https://ghcr.io";
};
image = "ghcr.io/fwastring/wedding:8eed91e3c05fde5f826f25de4c7bccdbc312caef";
ports = [ "127.0.0.1:8083:8080" ];
};
};
};
services.nginx = {
virtualHosts."wedding.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
proxyWebsockets = true;
};
};
};
}

5
secrets/sops.yaml
View file

@ -1,6 +1,7 @@
gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str] gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str]
wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str] wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str]
wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str] wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str]
github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str]
sops: sops:
age: age:
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
@ -30,7 +31,7 @@ sops:
OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA== A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-13T19:07:35Z" lastmodified: "2025-09-16T20:08:36Z"
mac: ENC[AES256_GCM,data:aQy8wXhipZtFjAGvHd4+M1wj18vIQNOw2gRvjtcCpvsnD35CDHPNPC2taH9p8Dj3zDta+2L+GP7mwsxKyU/jMKQrgVmLb0A2ConBx0IcuAhs1xI6E9lW2zGiQg6eWllQvvFispakc1mT1f763wQRUnsWif/GvNCluBybm0TPjbE=,iv:tFYEFMHear3tI6VTXrvyEJB0jIrmXzK1j7p7R0uRQEo=,tag:uEeJoaaF14YYQSWliZctgw==,type:str] mac: ENC[AES256_GCM,data:AC+MzlY0cJDoiEeSHyce84vueGabqQH/9dUfykUtlLvZehm7evBKR2YC4CMX3rAEv8zNvq8ZsPe5nTdzgB1WGQczkBQoVTe8Wh9vbH/xUVA7Wjk3AtJMkcy3rL4DYZyx5oBFht30o7ixgwTnOk9gXsdrkDbn5zozoIyWcGApgnQ=,iv:dyIphekRyLsgkreE2H6eCoESMh7vRqULtdNmqoqgLN4=,tag:AqRiy8Cv7CBOhWLkyRaqrg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2